E-commerce · Amazon SP-API · Restricted role

Direct-to-Consumer Shipping (Restricted) role

The Direct-to-Consumer Shipping (Restricted) role unlocks the buyer ship-to PII you need to fulfil orders yourself, read orders, buy carrier labels, and confirm shipments back to Amazon. Because those operations use PII to enable shipping, Amazon gates the role behind a compliance review. We rebuild the exact security and data-handling file Amazon scores, so the reason behind your refusal is gone.

Orders API v0 · getOrders Shipping API v2 POST_ORDER_FULFILLMENT_DATA Buyer ship-to PII
Amazon does not approve a Direct-to-Consumer Shipping application because it is well written. It approves because the application demonstrates compliant handling of buyer ship-to PII. The most common rejection comes back as one line: “security and compliance documentation did not meet requirements.” That single line is exactly what we rebuild.
What the role is

What the Direct-to-Consumer Shipping role unlocks

A cross-API restricted role for shipping Amazon marketplace orders directly to buyers, judged on its own justification, because the PII it exposes is the buyer's real ship-to identity.

Amazon's official definition

Per Amazon's Selling Partner API roles documentation, the role “Provides access to operations that ship orders directly to customers using their carrier of choice, including Amazon. Operations that require this role use PII to enable shipping.” It is available to sellers and vendors, and the “(Restricted)” suffix marks it as a PII role requiring extra approval.

Amazon writes the name two ways, Direct-to-Consumer Shipping (hyphenated) and Direct to Consumer Shipping, across its pages. They refer to the same role; the hyphenated form is canonical. The roles documentation itself names three flagship operations the role gates: getOrders (Orders API v0), createReport (Reports API v2021-06-30) for the shipping order report, and createFeed (Feeds API v2021-06-30) for the ship-confirmation feed. The full role-mappings table extends it across the fulfilment and shipping APIs below.

Read it straight from Amazon: the roles in the Selling Partner API overview and the role mappings table.

Behind the role

The API in practice

The concrete operations the Direct-to-Consumer Shipping role gates, with the exact API versions, report and feed types kept verbatim, the way an Amazon reviewer reads them.

The three operations the roles doc itself names

  • getOrders (Orders API v0), returns a list of orders and order information; the role is required because order objects can carry ship-to PII.
  • createReport (Reports API v2021-06-30), required when requesting the report type GET_FLAT_FILE_ORDER_REPORT_DATA_SHIPPING, the order report that includes shipping/PII data.
  • createFeed (Feeds API v2021-06-30), required when submitting the POST_ORDER_FULFILLMENT_DATA feed, which pushes carrier, tracking number and ship date back to Amazon so the order is marked shipped and the buyer is notified.

Buying labels, Shipping API v2 (modern) and Merchant Fulfillment API v0 (legacy)

For new integrations, Amazon says: “use the Shipping API v2 instead.” Its operations include getRates, purchaseShipment, oneClickShipment, getTracking, getShipmentDocuments and cancelShipment. The legacy Merchant Fulfillment API v0 (“Buy Shipping”) gates getEligibleShipmentServices, createShipment, getShipment, cancelShipment and getAdditionalSellerInputs, all requiring the Direct-to-Consumer Shipping (Restricted) role.

Easy Ship & External Fulfillment

The role also covers Easy Ship API v2022-03-23 scheduling operations such as listHandoverSlots and createScheduledPackage, and the External Fulfillment APIs v2024-09-11 shipping operations (for example processShipment, generateShipLabels, getShipments).

Why it is gated

The buyer data it unlocks, and why Amazon gates it

The role exists because shipping a parcel requires the buyer's real ship-to identity. That is exactly the PII Amazon expects you to scope, encrypt and delete on a fixed schedule.

The ship-to PII this role exposes

  • Name: buyer / recipient full name
  • AddressLine1, AddressLine2, AddressLine3
  • City, StateOrProvinceCode, PostalCode, CountryCode
  • Email and Phone
  • Via Shipping API v2 getTracking, proof-of-delivery data: delivery location, signature image and the receivedBy name

Because disclosure or misuse of this data is a data-protection and legal risk, Amazon classifies the role as restricted and only grants it after a Restricted Data Access review of your Data Protection Policy compliance. Note one tightening to plan for: MFN orders now require this role to return certain shipping fields, apps relying on default order data without the role can suddenly lose those PII fields.

So who actually needs the Direct-to-Consumer Shipping role, and who does not? If you read a buyer's address or buy a label, it is you. If Amazon ships your orders, it is not.
Use cases

Who needs the Direct-to-Consumer Shipping role

The role powers self-fulfilment and label-buying workflows across sellers, software and logistics platforms.

Self-fulfilment label buying

Pull the order's ship-to address, call getRates / getEligibleShipmentServices, buy a label with purchaseShipment / createShipment, print and ship.

Ship-confirmation to Amazon

Push carrier code, carrier name, tracking number and ship date with the POST_ORDER_FULFILLMENT_DATA feed so the order is marked shipped and the buyer is notified.

Buy-Shipping protection

Purchasing labels through Amazon Buy Shipping keeps sellers protected on late / undelivered metrics and A-to-z claims.

Rate shopping across carriers

Compare Amazon Shipping against UPS, USPS, FedEx and DHL to pick the cheapest or fastest service for each order.

Easy Ship scheduling

In eligible marketplaces (e.g. India), schedule courier handover slots with listHandoverSlots and createScheduledPackage.

Tracking sync & reports

Use getTracking to update buyers and pull GET_FLAT_FILE_ORDER_REPORT_DATA_SHIPPING for batch fulfilment, address verification and manifesting.

Who needs it, and who does not

Needs it
  • FBM / MFN sellers self-shipping orders
  • Shipping & multi-carrier label / rate software
  • OMS / multichannel tools that mark orders shipped
  • WMS / 3PL platforms shipping on the seller's behalf
  • ERP systems and Easy Ship / external-fulfilment integrators
Does not need it
  • Pure-FBA sellers, Amazon ships the orders
  • Apps that never read ship-to PII
  • Apps that never buy shipping labels
  • Pure off-Amazon Amazon Shipping, that flow uses the Amazon Logistics role instead
Anyone can fill in the same Amazon form. The difference is whether the file proves you handle ship-to PII the way Amazon's policy demands. That proof is documentary, and it is exactly what we build.
How to get approved

How to get the Direct-to-Consumer Shipping role approved

Approval is a compliance review, not a coding test. Register as a developer, request the role in Developer Central / App registration, and pass Amazon's review of your Data Protection Policy compliance.

Three things win it: your application answers, a publishable Data Handling & Privacy Policy, and proof you implement the controls Amazon scores, secure handling and encryption of ship-to PII, least-privilege access, limited retention with automated deletion, and a legitimate shipping use case. For the Direct-to-Consumer Shipping role specifically, your justification must tie each PII field (name, full address, email, phone) to the act of generating a label and confirming a shipment, nothing broader.

One onboarding trap to avoid: pick Direct-to-Consumer Shipping for shipping Amazon orders; the off-Amazon Amazon Shipping program flow asks for the Amazon Logistics role instead. Choosing the wrong label is a common cause of access not working. We map your use case to the correct role and write the whole file so every document tells the same story.

The real reason

Why Direct-to-Consumer Shipping applications get rejected

Amazon rarely tells you what went wrong. The decision almost always comes down to one phrase, your security and compliance documentation did not meet requirements. In practice, that means one or more of these:

  • Weak shipping justification, the file does not tie each PII field to generating a label or confirming a shipment.
  • Wrong role selected, Amazon Logistics chosen when the use case is Amazon-order shipping, or vice-versa.
  • No field-level data inventory showing which ship-to PII is used, where and why.
  • PII retention not capped or not provably automated, no enforced deletion after fulfilment.
  • Logs that store customer PII, or no evidence of access reviews and offboarding.
  • Documentary inconsistency, application answers, privacy policy and security procedures contradict each other.
  • Generic, copy-paste answers and vague wording that prove nothing.
  • Any hint of credential harvesting, asking for Seller Central passwords or keys is an automatic refusal.
  • Any hint of cross-seller data aggregation or resale of Amazon-derived shipping data.
  • A public website that does not match the role, claiming shipping capability you cannot show, or missing it entirely.

Amazon reviews evidence, not promises. We remove every one of these reasons, so there is no compliance ground left to refuse you on.

Frequently asked questions

What is the Direct-to-Consumer Shipping (Restricted) role?
It is a restricted Amazon SP-API role that, per Amazon's roles documentation, "Provides access to operations that ship orders directly to customers using their carrier of choice, including Amazon. Operations that require this role use PII to enable shipping." Because shipping a parcel needs the buyer's real ship-to identity, Amazon gates the role behind a Restricted Data Access review and Data Protection Policy obligations. Amazon also writes it as "Direct to Consumer Shipping", the same role; always keep the "(Restricted)" suffix.
Which SP-API operations does the Direct-to-Consumer Shipping role gate?
The roles documentation names three flagship operations: getOrders (Orders API v0), createReport (Reports API v2021-06-30) when requesting GET_FLAT_FILE_ORDER_REPORT_DATA_SHIPPING, and createFeed (Feeds API v2021-06-30) when submitting POST_ORDER_FULFILLMENT_DATA. The role-mappings table extends it across Merchant Fulfillment API v0 (createShipment, getEligibleShipmentServices, getShipment, cancelShipment, getAdditionalSellerInputs), Shipping API v2 (getRates, purchaseShipment, oneClickShipment, getTracking, getShipmentDocuments, cancelShipment), Easy Ship v2022-03-23 and External Fulfillment v2024-09-11 shipping operations.
Why is the Direct-to-Consumer Shipping role "restricted"?
Because every gated operation uses buyer Personally Identifiable Information (PII) to enable physical delivery. The ship-to address object exposes Name, AddressLine1, AddressLine2, AddressLine3, City, StateOrProvinceCode, PostalCode, CountryCode, Email and Phone, and Shipping API v2 getTracking can surface proof-of-delivery data (delivery location, signature image, receivedBy name). Exposing or misusing that data is a data-protection and legal risk, so Amazon requires extra approval before granting access.
Do I need this role if I only use FBA?
No. Amazon ships FBA orders, so pure-FBA sellers do not need the Direct-to-Consumer Shipping role. You need it for FBM / MFN self-fulfilment, reading the buyer ship-to address, buying labels and confirming shipment. Apps that never read ship-to PII and never buy labels do not need it either.
What buyer data does the role unlock?
The buyer ship-to identity from the Order / OrderAddress object: Name, AddressLine1/2/3, City, StateOrProvinceCode, PostalCode, CountryCode, Email and Phone, plus shipment and label documents, rate offerings, and tracking/proof-of-delivery objects. This is exactly the PII Amazon expects you to scope tightly, encrypt, and delete on a fixed retention schedule.
What is the difference between the Direct-to-Consumer Shipping role and the Amazon Logistics role?
Direct-to-Consumer Shipping (Restricted) is the role for shipping Amazon marketplace orders through SP-API. The standalone off-Amazon Amazon Shipping program's getting-started flow instead asks you to select the Amazon Logistics role. The role you request depends on your use case, Amazon-order shipping versus pure off-Amazon shipping. Choosing the wrong label during onboarding is a common reason access does not work; we make sure you pick the correct one.
Should I integrate with Merchant Fulfillment API v0 or Shipping API v2?
Both require the Direct-to-Consumer Shipping role. Merchant Fulfillment API v0 is the legacy "Buy Shipping" path; Amazon's own guidance is "For new integrations, use the Shipping API v2 instead." The role you apply for is the same, the difference is purely which API you build on.
How do I get the Direct-to-Consumer Shipping role approved?
Register as a developer, request the role in Developer Central / App registration, and pass Amazon's review of your Data Protection Policy compliance: a legitimate shipping use case, secure PII handling (encryption in transit and at rest), least-privilege access, limited retention with automated deletion, and a Data Handling & Privacy Policy. Approval is a documentary compliance review, Fenchell builds that whole file for you, ready to submit.
Why did my Direct-to-Consumer Shipping application get rejected?
Almost always because the security and compliance documentation did not meet requirements, not because the product is weak. Common causes: a weak shipping justification, no field-level inventory of which ship-to PII you use, retention that is not capped or not provably automated, logs that store PII, contradictions between your answers, privacy policy and security procedures, a public website that does not match the role, or selecting Amazon Logistics when you needed Direct-to-Consumer Shipping (or vice-versa).
Why did my MFN order data suddenly lose the shipping address?
Amazon has tightened access so that certain shipping PII fields on MFN orders now require the Direct-to-Consumer Shipping role. Apps that relied on default order data without the role can stop receiving those PII fields. Requesting and being approved for the role restores access to the ship-to data you need to fulfil.
Is the Direct-to-Consumer Shipping role for sellers, vendors, or both?
Both. Amazon's roles overview marks the Direct-to-Consumer Shipping (Restricted) role as available to sellers and to vendors.
Do you need access to our code, servers or Amazon account?
No. Fenchell is a marketplace-compliance firm, not a development agency. We prepare the application answers, the Data Handling & Privacy Policy and the implementation checklist; your own IT lead implements it on your infrastructure. We never need your source code, your servers or your Amazon login.
Do I need an EU company to apply for the Direct-to-Consumer Shipping role?
Not strictly, but a properly established company with a clean public presence and a real data-handling policy makes approval easier, and a compliant EU structure helps with VAT and data-protection expectations. We can set up a compliant Bulgarian company 100% remotely and align your structure, your VAT and your Amazon application so they support each other.
How long does Amazon take to approve the Direct-to-Consumer Shipping role?
Amazon controls the final timing, so there is no guaranteed deadline. In our experience preparing restricted-role applications since 2018, a complete, compliant submission is typically reviewed within roughly 2 to 6 weeks. Public apps that also require the third-party Data Security Assessment add about a month for that step. The single biggest accelerator is a file that meets Amazon's security and compliance bar on the first attempt, which is exactly what we build.

Get the Direct-to-Consumer Shipping role approved

Start the form and we will confirm your role, your path and your next steps. The standard restricted-role file is 650 €, delivered in 48 hours, obtained or refunded subject to our T&Cs. Building shipping software for many sellers? Book a call for a tailored scope.

Content reviewed by Loïc Segui (COO & CTO), Fenchell's Marketplace Compliance Team · last updated 29 June 2026. We never promise approval: even when your file is prepared correctly, Amazon retains the right not to grant restricted access without justification. The figures shown on this page (40+ developer & restricted-role accesses since 2018, 87% of customers obtained their access) are based on real client cases and do not constitute a guarantee of outcome; results vary depending on your situation and Amazon's decision. Operation names, report and feed types and API version strings are reproduced from Amazon's developer documentation. Fenchell Capital OOD, Bulgarian firm based in Plovdiv (EIK 207945095).

Best Service. “Getting approved for access to the Amazon API was a real challenge for us. Fenchel and their team stepped in, audited our functionality, and helped us understand precisely what Amazon's software review team was looking for — which made all the difference.”
Verified client review · unprompted · March 2026
4.8/5 Rated by 250 verified clients on eKomi · Fenchell across all services
Start my application